A recent report from Collyer Bristow*, one of Londons leading law firms, found that 55% of organisations with over 250 staff are unaware of GDPR. Based on the 2017 company figures from the Office of National Statistics (ONS) there are 2.69 million PAYE and VAT registered business in the UK. About 50,000 of those have …
Can there be an equation for compliance? As in mathematical formulas, there is a balance in compliance that needs to be resolved. Every organisation needs to understand what is required of them; what regulations and standards are applicable (Gravity) and understand what are the affected assets (Data in this case). Then, how do they meet …
The imminent GDPR will be a wake up call for some organisations. A host of new rights for individuals are being introduced. Organisations will need to provide processes that allow individuals to exercise these rights.
A Simple GDPR overview for those getting started So what is the GDPR? The General Data Protection Regulation is a new European Union law that becomes enforceable on the 25th of May 2018. It’s aim is to protect individuals by updating data protection law which has not kept pace with the changes brought about by …
A GDPR Primer for those getting started So what is the GDPR? The General Data Protection Regulation is a new European Union law that becomes enforceable on the 25th of May 2018. It’s aim is to protect individuals by updating data protection law which has not kept pace with the changes brought about by modern …
Context: The GDPR requires organisations to maintain a detailed record of their processing activities. This requirement applies to organisations that process data for themselves and on behalf of others. The records created need to be made available to the supervisory authority on their request.
Context: In some cases the GDPR refers to explicit technical measures that need to be implemented such as data encryption and psuedonymisation. In other instances the regulation is vague on what constitutes appropriate security. Therefore there is no definitive list of exactly which technical measures need to be implemented. The measures an organisation chooses should …
Context: The data protection impact assessment is the key documentary requirement which arises in the GDPR. It’s purpose is to ensure that risks to the personal information of individuals have been considered and, where risks are identified, mitigated. It is a mandatory requirement in some instances but is advised across all processing of personal information. …
Context: It should be made clear up front that contracts are an area where specific legal advice should be sought. The detail given below gives an insight into the requirement stated within the GDPR. It will also be useful as a starting point to check the status of your current contracts.
Context: Where the GDPR mandates that a DPO is required it also stipulates that the organisation provides an appropriate level of support to the DPO to enable them to carry out their duties: The controller and processor shall support the data protection officer in performing the tasks referred to in Article 39 by providing resources …
Copyright ©2016–2022 Gydeline Ltd | Company Registered in England & Wales No. 09559617 | North Wing, Norway House, Summers Street, Lostwithiel, Cornwall, PL22 0BT | VAT No: 226 0817 24